WO2017050999A1 - Generateur d'horloge aleatoire - Google Patents
Generateur d'horloge aleatoire Download PDFInfo
- Publication number
- WO2017050999A1 WO2017050999A1 PCT/EP2016/072747 EP2016072747W WO2017050999A1 WO 2017050999 A1 WO2017050999 A1 WO 2017050999A1 EP 2016072747 W EP2016072747 W EP 2016072747W WO 2017050999 A1 WO2017050999 A1 WO 2017050999A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- clock signal
- generator
- random
- value
- clock
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/04—Generating or distributing clock signals or signals derived directly therefrom
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/04—Generating or distributing clock signals or signals derived directly therefrom
- G06F1/08—Clock generators with changeable or programmable clock frequency
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/04—Generating or distributing clock signals or signals derived directly therefrom
- G06F1/06—Clock generators producing several clock signals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
- G06F21/725—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits operating on a secure reference time value
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03K—PULSE TECHNIQUE
- H03K3/00—Circuits for generating electric pulses; Monostable, bistable or multistable circuits
- H03K3/84—Generating pulses having a predetermined statistical distribution of a parameter, e.g. random pulse generators
Definitions
- the invention relates to a random generator of clock signal. This type of generator is used to clock processors which we wish to avoid synchronization with an external device.
- SE Secure Elements
- SEs have many security features to maintain the confidentiality of the information they contain. For this purpose, it is known to identify the attacks that can be used to extract confidential information and to integrate countermeasures in the OS to counter each type of attack. Among the various attacks, it is known to spy on the current consumed by the circuit or its electromagnetic radiation to determine which algorithm is taking place. In addition, a synchronization on the clock signal makes it possible to introduce faults to see how the algorithm reacts and to deduce certain values as a function of the current signature. Among known countermeasures, it is known to desynchronize the clock signal by using clock signal generators using a pseudo-random or random type component in order to make the analysis of the measured signals more complex.
- a pseudo-random generator makes it possible to partially mask the clock signal.
- a pseudo-random generator remains repetitive and therefore predictable after a certain time.
- a purely random clock generator has the major disadvantage of being too unpredictable and therefore sometimes to provide a clock much too slow for the requested use.
- the invention proposes a random clock generator which comprises a clock signal input receiving a master clock signal consisting of a series of regular and regularly spaced pulses, and a clock signal reducing circuit receiving a clock signal.
- the master clock signal and on the other hand an integer N and providing an output signal corresponding to a train of N pulses every M clock pulses, M being an integer greater than 1 and N being an integer greater than 1 and less than or equal to M.
- a number generator supplies a new number N to the clock reducer circuit every P pulses of a master clock signal, N and / or P being randomly produced.
- N may be randomly produced.
- N can be between a minimum value and a maximum value.
- the number N may be obtained at the output of an adder or of an adder / subtractor receiving on the one hand an average value of N and, on the other hand, a random value of correction to be added or subtracted from this average value.
- the number generator includes a nonlinear shift register and a random number generator, wherein the random number generator periodically resets the nonlinear shift register. The random value of correction can then be provided from the nonlinear shift register.
- FIG. 1 represents a preferred embodiment of the invention
- FIG. 2 shows an embodiment of a frequency reducer as used in the invention
- FIG. 3 is an example of a correspondence table as it can be used in the invention.
- FIG. 4 shows the pulse trains resulting from the frequency-reduction circuit
- FIG. 5 shows a preferred embodiment of a random number generator established in a range of controlled values
- Figure 6 shows an example of a random number generator.
- the clock generation circuit of FIG. 1 corresponds to a preferred embodiment of the invention.
- this clock generator operates in clock reducer mode and random clock generation mode while guaranteeing an average frequency.
- This clock generation circuit is preferably integrated on the same chip as the processor on which it is desired to mask the timing. In the preferred example, it was chosen to start from a primary clock signal MCIk and turn it into a transformed clock signal SCIk. This choice is made because it is possible and even recommended to use simultaneously on the integrated circuit the primary clock MCIk and the converted clock signal SCIk to mask a little more timing by the converted clock signal SCIk.
- the production of the primary clock signal MCIk is not represented but it can be obtained by any type of oscillator circuit known to those skilled in the art. For example, a ring oscillator made on the same integrated circuit may be suitable.
- the clock generation circuit of FIG. 1 mainly comprises a clock-reducing circuit 101 and a number generator 102.
- the clock-reducing circuit 101 receives the primary clock signal MCIk and supplies the clock signal transformed SCIk.
- the principle of the clock-reducing circuit 101 is to let only N clock pulses on M clock cycles with N between 1 and M, the number N being supplied on an input of the clock-reducing circuit 101.
- the number generator 102 provides a random number N for setting the clock reduction circuit 101.
- the parameterization is done every M clock cycles by means of a frequency divider circuit 103 which validates the number N every M clock cycles on a validation input VaIN of the reducer circuit. clock 101.
- the random number N is supplied by the number generator 102 to the clock reduction circuit 101 by means of a multiplexer 104 which makes it possible to select a random operating mode or a non-random mode using a selection signal Sel.
- the multiplexer 104 can therefore provide either a random number or a set number C that can be provided by another circuit.
- multiplexer 104 is not essential to the invention and serves only to provide commissioning control means of the invention. It is quite possible to suppress the multiplexer 104 by directly connecting the output of the number generator 102 to the input of the clock reduction circuit 101. The circuit will then always work in random mode.
- the frequency divider circuit 103 is used to simplify the N number change control. Indeed, the random side comes from the change of the number N by replacing it with another often enough so that it is not possible to predict or change the number N. Almost find the transformed clock signal SCIk from an observation of the current.
- the choice to change the number every M cycles amounts to optimally use the clock-reducing circuit 101 which proposes at the output to keep only N pulses on M.
- N is changed periodically every P cycles with P different from M but this would not optimize the use of the clock-reducing circuit 101.
- This change in number could also be done randomly.
- a random generator would provide a pulse while the P cycles with P a random number and a second generator would provide N in a random or predictable way.
- the value N would be loaded randomly in the clock-reducing circuit 101.
- FIG. 2 shows an exemplary embodiment of the clock reduction circuit 101 which is for example made around a correspondence table 201 and a shift register 202.
- the correspondence table comprises an input bus for receiving the number N, the validation input VaIN makes it possible to sample the value N of the bus in order to supply on M outputs N 0 to N M -i the values of states stored at the address corresponding to the number N.
- the M outputs N 0 to N M-1 of the correspondence table are connected to parallel inputs of the shift register 202 and the VaIN enable input selects the operating mode of the shift register.
- the shift register is synchronized to the primary clock signal MCIk.
- FIG. 3 is an exemplary content of the correspondence table 201 for a value of M equal to 1 6.
- the value N coded on 4 bits is between 0 and 15, however, the value 0 here corresponds to the value 16 at which the 5th most significant bit has been removed.
- FIG. 4 shows the transformed clock signal for each value of N, with M always equal to 1.
- M the number of bits in the clock signal.
- Randomly changing the value of N every M cycles amounts to randomly changing the order of succession of the pulse lines shown in FIG. 4.
- a consumption current measurement of a circuit partly synchronized by a transformed clock SCIk would see consumption falls scattered randomly over time and can not be predicted. These current drops interfering with the analysis of an algorithm, it is more difficult to analyze the algorithm that we try to spy on.
- the unpredictability of the presence or absence of the next pulse makes any attempt to change value in a register during operation very difficult.
- the value N can be between 1 and M, the number of active pulses of the transformed clock signal SCIk can be at most divided by M with respect to the number of pulses of the primary clock signal MCIk .
- the processing speed is certainly reduced but a maximum controllable value.
- a preferred mode is to vary the value of N in a range of values lower than the value of M. For example if N varies only between M / 2 and M, the processing speed will be at most halved compared to the maximum processing speed. Increasing the value of M then makes it possible to increase the entropy on the random character of the clock without, however, affecting performance.
- a fairly simple embodiment is to randomly vary the low-order bits of the N value while keeping the most significant bit at 1.
- the number of pulses can be controlled in order to have an opportunity to act on the entropy and the rate of timing.
- the number generator circuit 102 of FIG. 5 is proposed.
- the random generator 502 provides a random number on 3 bits at the shaping circuit.
- the output of the adder 501 provides the number N on 4 bits.
- the formatting circuit 503 is for example a correspondence table which will transform a 3-bit random number into a 4-bit signed integer in order to be able to add or subtract the random number to the set value C.
- the sampling of random number at the input of the shaping circuit 503 must be at the same clocking frequency as the sampling of the input N value of the clock-reducing circuit 101.
- a frequency divider circuit 504 As an indication, one skilled in the art will understand that N being coded on 4 bits and being able to add 3 or subtract 4 to the set value C, then it is necessary to have 4 ⁇ C ⁇ M-3 .
- Such a circuit makes it possible to have a control of the value N which is rather fine, it is thus possible to control on the one hand the average value of N and on the other hand the minimum value N mir , and the maximum value N Ma x of N.
- N mi n / M the largest possible value.
- N min / M the ratio of this ratio
- N M ax-N m the difference N M ax-N m in makes it possible to control the entropy of the random character, the greater the difference N M ax-N m in, the greater the entropy is important.
- the skilled person will choose values of N, N mm , N Ma x and M adapted to his needs.
- a noise generator NG supplies an analog signal that is difficult to predict with a trigger circuit 601.
- the trigger circuit 601 is for example a schmitt trigger which outputs a logic signal having a value of 0 or 1 depending on the value of the analog signal.
- the logic signal changes state after a duration that is random.
- the value of the logic signal is either 0 or 1 unpredictably.
- a shift register 602 receives on a serialization input said logic signal so that the register 602 fills randomly with 0 or 1 logic randomly.
- the contents of the shift register form a random logical number that changes each cycle of the primary clock MCIk.
- the random number generator may be limited to what is described above.
- a disadvantage of the previous circuit is that sometimes the logic signal provides a succession of value 0 or 1 for a certain time. We would end up with a succession of random numbers that would be unchanged.
- a nonlinear shift register 603 in which the contents of the register 602 are transposed, for example all Q cycles.
- the triggering circuit 601 provides a bit sequence that is too repetitive, this bit will be changed by the nonlinear shift register 603.
- the number of bits of which one is extracted on a parallel output of the register is extracted. need R 0 , Ri and R 2 .
- the word R 0 -2 corresponds to the output word of the random generator 502.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Computational Mathematics (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Manipulation Of Pulses (AREA)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201680055601.XA CN108027719B (zh) | 2015-09-25 | 2016-09-23 | 随机时钟生成器 |
EP16775609.7A EP3353646B1 (fr) | 2015-09-25 | 2016-09-23 | Generateur d'horloge aleatoire |
JP2018515643A JP6776346B2 (ja) | 2015-09-25 | 2016-09-23 | ランダムクロック発生器 |
US15/762,894 US10509433B2 (en) | 2015-09-25 | 2016-09-23 | Random clock generation |
KR1020187011803A KR102398235B1 (ko) | 2015-09-25 | 2016-09-23 | 랜덤 클럭 생성기 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15306497.7A EP3147774A1 (fr) | 2015-09-25 | 2015-09-25 | Generateur d'horloge aleatoire |
EP15306497.7 | 2015-09-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017050999A1 true WO2017050999A1 (fr) | 2017-03-30 |
Family
ID=54266504
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2016/072747 WO2017050999A1 (fr) | 2015-09-25 | 2016-09-23 | Generateur d'horloge aleatoire |
Country Status (6)
Country | Link |
---|---|
US (1) | US10509433B2 (ja) |
EP (2) | EP3147774A1 (ja) |
JP (1) | JP6776346B2 (ja) |
KR (1) | KR102398235B1 (ja) |
CN (1) | CN108027719B (ja) |
WO (1) | WO2017050999A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018182737A (ja) * | 2017-04-19 | 2018-11-15 | シーゲイト テクノロジー エルエルシーSeagate Technology LLC | 電力変動攻撃対策を有するコンピューティングシステム |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI662471B (zh) * | 2018-05-31 | 2019-06-11 | 華邦電子股份有限公司 | 真實隨機數產生裝置及其產生方法 |
CN110609672B (zh) * | 2018-06-15 | 2023-11-07 | 华邦电子股份有限公司 | 真实随机数产生装置及其产生方法 |
CN111193500B (zh) * | 2020-01-15 | 2023-04-07 | 电子科技大学 | 一种能够同步外部时钟的振荡器 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5404402A (en) * | 1993-12-21 | 1995-04-04 | Gi Corporation | Clock frequency modulation for secure microprocessors |
US20040114761A1 (en) * | 2001-04-24 | 2004-06-17 | Sangikyo Corporation | Random number generation apparation |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5416434A (en) * | 1993-03-05 | 1995-05-16 | Hewlett-Packard Corporation | Adaptive clock generation with pseudo random variation |
FI101833B (fi) * | 1994-07-13 | 1998-08-31 | Nokia Telecommunications Oy | Menetelmä ja järjestelmä kaapelointiviiveen automaattiseksi kompensoim iseksi kellosignaalin jakelujärjestelmässä |
US5696710A (en) * | 1995-12-29 | 1997-12-09 | Thomson Consumer Electronics, Inc. | Apparatus for symmetrically reducing N least significant bits of an M-bit digital signal |
FR2745099B1 (fr) * | 1996-02-19 | 1998-03-27 | Sgs Thomson Microelectronics | Procede de sequencement d'un circuit integre |
FR2745924B1 (fr) * | 1996-03-07 | 1998-12-11 | Bull Cp8 | Circuit integre perfectionne et procede d'utilisation d'un tel circuit integre |
US6003053A (en) * | 1996-11-29 | 1999-12-14 | Matsushita Electric Works, Ltd. | Pulse signal generation circuit and pulse signal generation method |
EP2280502B1 (en) * | 1998-06-03 | 2018-05-02 | Cryptography Research, Inc. | Using unpredictable information to Resist Discovery of Secrets by External Monitoring |
US6384651B1 (en) * | 2000-03-28 | 2002-05-07 | Intel Corporation | Method of generating a signal with controlled duty-cycle and pseudo-random spectrum |
CN100409175C (zh) * | 2001-03-15 | 2008-08-06 | 罗伯特-博希股份公司 | 在具有至少一个用户的总线系统中形成时钟脉冲的方法和装置,总线系统和用户 |
US6661360B2 (en) * | 2002-02-12 | 2003-12-09 | Broadcom Corporation | Analog to digital converter that services voice communications |
US7187241B2 (en) * | 2003-05-02 | 2007-03-06 | Silicon Laboratories Inc. | Calibration of oscillator devices |
JP2005045752A (ja) | 2003-07-07 | 2005-02-17 | Sony Corp | 暗号処理装置、および暗号処理方法 |
EP1496641A3 (en) | 2003-07-07 | 2005-03-02 | Sony Corporation | Cryptographic processing apparatus, cryptographic processing method and computer program |
US7098669B2 (en) * | 2003-10-01 | 2006-08-29 | Flowline, Inc. | Depth determining system |
US7554865B2 (en) * | 2006-09-21 | 2009-06-30 | Atmel Corporation | Randomizing current consumption in memory devices |
JP4117008B2 (ja) | 2006-10-30 | 2008-07-09 | シャープ株式会社 | 暗号化装置 |
US9401802B2 (en) | 2013-07-31 | 2016-07-26 | Fairchild Semiconductor Corporation | Side channel power attack defense with pseudo random clock operation |
-
2015
- 2015-09-25 EP EP15306497.7A patent/EP3147774A1/fr not_active Withdrawn
-
2016
- 2016-09-23 EP EP16775609.7A patent/EP3353646B1/fr active Active
- 2016-09-23 CN CN201680055601.XA patent/CN108027719B/zh active Active
- 2016-09-23 JP JP2018515643A patent/JP6776346B2/ja active Active
- 2016-09-23 KR KR1020187011803A patent/KR102398235B1/ko active IP Right Grant
- 2016-09-23 US US15/762,894 patent/US10509433B2/en active Active
- 2016-09-23 WO PCT/EP2016/072747 patent/WO2017050999A1/fr active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5404402A (en) * | 1993-12-21 | 1995-04-04 | Gi Corporation | Clock frequency modulation for secure microprocessors |
US20040114761A1 (en) * | 2001-04-24 | 2004-06-17 | Sangikyo Corporation | Random number generation apparation |
Non-Patent Citations (1)
Title |
---|
OLIVER KÖMMERLING ADVANCED DIGITAL SECURITY RESEARCH: "Design Principles for Tamper-Resistant Smartcard Processors", USENIX,, 14 April 1999 (1999-04-14), pages 1 - 13, XP061012603 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018182737A (ja) * | 2017-04-19 | 2018-11-15 | シーゲイト テクノロジー エルエルシーSeagate Technology LLC | 電力変動攻撃対策を有するコンピューティングシステム |
JP7122142B2 (ja) | 2017-04-19 | 2022-08-19 | シーゲイト テクノロジー エルエルシー | 電力変動攻撃対策を有するコンピューティングシステム |
Also Published As
Publication number | Publication date |
---|---|
JP2018528719A (ja) | 2018-09-27 |
KR102398235B1 (ko) | 2022-05-13 |
US10509433B2 (en) | 2019-12-17 |
US20180292857A1 (en) | 2018-10-11 |
EP3147774A1 (fr) | 2017-03-29 |
CN108027719A (zh) | 2018-05-11 |
CN108027719B (zh) | 2021-12-24 |
KR20180059872A (ko) | 2018-06-05 |
EP3353646A1 (fr) | 2018-08-01 |
EP3353646B1 (fr) | 2019-10-30 |
JP6776346B2 (ja) | 2020-10-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3353646B1 (fr) | Generateur d'horloge aleatoire | |
EP3242398B1 (fr) | Générateur de nombres d'oscillations | |
EP1999569A1 (fr) | Generateur de nombres aleatoires | |
EP2549355A1 (fr) | Procédé et circuit d'ajustement d'une fréquence d'horloge | |
FR3023396A1 (fr) | Generateur de nombres aleatoires | |
CA2656125C (fr) | Dispositif et procede d'encodage de type cabac | |
EP1118943B1 (fr) | Dispositif de régénération d'une horloge à partir d'au moins deux bits de synchronisation | |
EP3242397A1 (fr) | Structure de multiplexeur | |
EP1869545B1 (fr) | Dispositif implementant la multiplication modulaire de montgomery | |
EP0134374B1 (fr) | Horloge à verrouillage de phase | |
FR3051086A1 (fr) | Circuit de comptage d'impulsions | |
FR2838210A1 (fr) | Procede cryptographique protege contre les attaques de type a canal cache | |
EP1071008B1 (fr) | Procédé pour effectuer une multiplication avec accumulation dans un corps de Galois. | |
EP3306465B1 (fr) | Procédé de traitement cryptographique comprenant une multiplication d'un point d'une courbe elliptique par un scalaire | |
EP0025731A1 (fr) | Sélecteur de demandes asynchrones dans un système de traitement de l'information | |
FR2818765A1 (fr) | Multiplicateur modulaire et processeur de cryptage/decryptage utilisant le multiplicateur modulaire | |
EP1120714B1 (fr) | Dispositif de régénération d'une horloge | |
EP0400734B1 (fr) | Dispositif de retard d'un signal numérique programmable et application à un dispositif de code correcteur d'erreurs | |
EP1635501B1 (fr) | Procédé de détection du positionnement relatif de deux signaux et dispositif correspondant | |
FR3142571A1 (fr) | Procédé de transfert de signal de commande entre un premier domaine numérique et un deuxième domaine numérique, et système sur puce correspondant. | |
EP0613251A1 (fr) | Diviseur de fréquence | |
WO2013121149A1 (fr) | Procédé et dispositif électronique de génération d'un signal d'horloge variable | |
FR3105490A1 (fr) | Procede de traitement cryptographique de donnees et entite electronique associes | |
FR2742947A1 (fr) | Dispositif de reception de signaux numeriques | |
WO2010133795A1 (fr) | Generation de nombres pseudo-aleatoires |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16775609 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15762894 Country of ref document: US Ref document number: 2018515643 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20187011803 Country of ref document: KR Kind code of ref document: A |